Out-of-Bounds Read Vulnerability in Linux Kernel Affecting USB Gadget Configuration
CVE-2025-38497

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 28 July 2025

What is CVE-2025-38497?

A vulnerability in the Linux kernel's USB gadget configuration code allows an out-of-bounds read when an empty string is written to certain sysfs attributes. Specifically, the functions handling 'qw_sign' and 'landingPage' failed to validate the input length before accessing the buffer, so a zero-length write caused a read outside it. This could lead to undefined behavior or potential information leaks. The patch adds a zero-length check to both functions and handles that case appropriately.
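The bug class described above, as an added user-space model (not kernel source and not the project's patch): it assumes the handler inspects the last input byte to strip a trailing newline, and shows that pattern beside a form with the zero-length check. The function names, MAX_CHARS and the backing array are hypothetical and constructed for this illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_CHARS 7 /* constructed limit standing in for the attribute's maximum */

/* Pre-fix pattern (assumed shape): looks at the last byte without checking
 * that the write contained any bytes at all. */
static int stored_len_unchecked(const char *page, size_t len)
{
    int l = (int)len < MAX_CHARS ? (int)len : MAX_CHARS;

    if (page[l - 1] == '\n')  /* len == 0 reads page[-1], outside the input */
        --l;
    return l;                 /* may be -1, which later code would consume */
}

/* Hardened pattern: a zero-length write returns before any byte is read. */
static int stored_len_checked(const char *page, size_t len)
{
    int l;

    if (len == 0)
        return 0;
    l = (int)len < MAX_CHARS ? (int)len : MAX_CHARS;
    if (page[l - 1] == '\n')
        --l;
    return l;
}

/* Constructed memory: byte 0 stands in for whatever precedes the input
 * buffer. The "page" given to the handlers starts at byte 1, so the model's
 * page[-1] read stays inside this array and is well defined here. */
static char backing[8] = { '\n', 'a', 'b', 'c', '\n', 0, 0, 0 };
static const char *model_page(void) { return &backing[1]; }

int main(void)
{
    const char *page = model_page();

    printf("unchecked, len 4: %d\n", stored_len_unchecked(page, 4));
    printf("unchecked, len 0: %d\n", stored_len_unchecked(page, 0));
    printf("checked,   len 0: %d\n", stored_len_checked(page, 0));
    return 0;
}
```

With an empty write, the unchecked result depends entirely on a byte the caller never supplied, which is why the early return is the whole of the mitigation in this model.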

Affected Version(s)

Linux 87213d388e927aaa88b21d5ff7e1f75ca2288da1 < 78b41148cfea2a3f04d87adf3a71b21735820a37

Linux 87213d388e927aaa88b21d5ff7e1f75ca2288da1

Linux 87213d388e927aaa88b21d5ff7e1f75ca2288da1 < 15a87206879951712915c03c8952a73d6a74721e

Timeline

  • Vulnerability published

  • Vulnerability Reserved
